Project: SVG Formatter
Security risk: *Critical* 15∕25
Vulnerability: Cross Site Scripting
This module adds a new formatter for the file fields, which allows any file
extension to be uploaded.
The module doesn't sufficiently handle sanitization under the scenario
uploaded SVG files.
This vulnerability is mitigated by the fact that an attacker must have a role
with the permission create or edit on certain content types that allows SVG
files to be uploaded.
Install the latest version:
* If you use the SVG Formatter module for Drupal 8.x, upgrade to SVG Formatter 8.x-1.06
Also see the SVG Formatter project page.